SB2016092905 - Red Hat update for Red Hat Ceph Storage 1.3.3
Published: September 29, 2016
Security Bulletin ID
SB2016092905
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Security bypass (CVE-ID: CVE-2016-7031)
The vulnerability allows authenticated adjacent user to bypass security limitations on the target system.The weakness is caused by insufficient security restrictions that allows a malicious user to bypass Access Control List (ACL) and obtain the contents of the RGW bucket.
Successful exploitaton of the vulnerability may result in access to the vulnerable system.
Remediation
Install update from vendor's website.